In many technologies it is important to verify the identity of a remote device before allowing access to certain protected resources for that device. This verification process generally requires that the device identify itself and subsequently reveal a password to confirm its identity. During the course of revealing the password, it is possible for another to determine the password and use it later to impersonate the originating device. In conventional methods for verifying the identity of a device attempting access to a protected resource, the password is sent in clear form without encryption which allows an intercepter to learn the password immediately which facilitates the possibility of fraudulent access.
Thus it is desirable to perform the identification process in a way that there is a low probability that any query of the password for a device will allow a third party to learn the password. Since the identity of the device must be verified remotely, it is further desirable to assign passwords and perform the identification process efficiently without undue communication between the device and the verifier.